Tomcat
The campaign targeted US government departments, non-governmental organizations, and technology firms.
The Nobelium hacker group, linked by information security experts to the Russian Federation, tried to disguise its activities using "residential proxies" - the IP addresses of mobile and home computer networks of ordinary Americans.
We are talking about the new Nobelium campaign (the group is also considered the organizer of the sensational cyberattack on the American software manufacturer SolarWinds), aimed at organizations associated with global IT supply chains. According to Microsoft, since May of this year, hackers have attacked more than 140 technology service providers, 14 of which they managed to compromise.
Between July 1 and October 19 of this year, Microsoft recorded more than 22,000 Nobelium attacks on 609 of its customers, but most of the attacks were unsuccessful.
According to a Bloomberg source, the campaign targeted US government departments, non-governmental organizations and technology firms.
According to Charles Carmakal, senior vice president of information security company Mandiant, the hackers used residential IP proxies - IP addresses associated with a specific location that can be purchased over the Internet.
The use of such proxies makes it possible to disguise hacking attempts as traffic originating from American mobile phones or home Internet networks. For example, an attempt by a hacker to penetrate a computer network from the outside will look like a company employee logging in from a mobile phone.
As for the providers of residential proxies, whose services are used by Nobelium and other hacker groups, according to the head of the information security company Resecurity, Gene Yoo, these are Bright Data, Oxylabs and IP Burger.
When asked by Bloomberg for comment, Israel-based Bright Data said the company was scrutinizing customers and found no sign of Nobelium using their networks. Lithuanian Oxylabs said it is conducting an internal investigation, which currently has not revealed signs of malicious use of the service. Bloomberg was unable to find out where IP Burger is based or who owns it. The company did not respond to the request of the news agency.
